From 792bfe533cefebcb2aed658df1e0bb1ec2d350d4 Mon Sep 17 00:00:00 2001 From: Qiu Jian Date: Sun, 20 Dec 2020 01:30:12 +0800 Subject: [PATCH] fix(cloudcommon): add rbac_policy_refresh_internval_seconds option Add new option rbac_policy_refresh_interval_seconds to control the valid duration of a policy cache. The option is introduced at 3.6. Replace option rbac_policy_sync_period_seconds. --- pkg/cloudcommon/app/auth.go | 2 +- pkg/cloudcommon/options/options.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/cloudcommon/app/auth.go b/pkg/cloudcommon/app/auth.go index de17d7dcc8..42aa9f1101 100644 --- a/pkg/cloudcommon/app/auth.go +++ b/pkg/cloudcommon/app/auth.go @@ -94,7 +94,7 @@ func InitAuth(options *common_options.CommonOptions, authComplete auth.AuthCompl func InitBaseAuth(options *common_options.BaseOptions) { if options.EnableRbac { policy.EnableGlobalRbac( - time.Second*time.Duration(options.RbacPolicySyncPeriodSeconds), + time.Second*time.Duration(options.RbacPolicyRefreshIntervalSeconds), options.RbacDebug, ) } diff --git a/pkg/cloudcommon/options/options.go b/pkg/cloudcommon/options/options.go index 54c61540c7..5d0ed17f04 100644 --- a/pkg/cloudcommon/options/options.go +++ b/pkg/cloudcommon/options/options.go @@ -73,9 +73,9 @@ type BaseOptions struct { NotifyAdminUsers []string `default:"sysadmin" help:"System administrator user ID or name to notify system events, if domain is not default, specify domain as prefix ending with double backslash, e.g. domain\\\\user"` NotifyAdminGroups []string `help:"System administrator group ID or name to notify system events, if domain is not default, specify domain as prefix ending with double backslash, e.g. domain\\\\group"` - EnableRbac bool `help:"Switch on Role-based Access Control" default:"true"` - RbacDebug bool `help:"turn on rbac debug log" default:"false"` - RbacPolicySyncPeriodSeconds int `help:"policy sync interval in seconds, default half a minute" default:"30"` + EnableRbac bool `help:"Switch on Role-based Access Control" default:"true"` + RbacDebug bool `help:"turn on rbac debug log" default:"false"` + RbacPolicyRefreshIntervalSeconds int `help:"policy refresh interval in seconds, default half a minute" default:"30"` // RbacPolicySyncFailedRetrySeconds int `help:"seconds to wait after a failed sync, default 30 seconds" default:"30"` ConfigSyncPeriodSeconds int `help:"service config sync interval in seconds, default 30 minutes" default:"1800"`